SI Secure


Authored Books

"This book [How to Break Software Security] offers some of the best security testing concepts I've seen.  You don't have to use the techniques outlined in this book; but if you don't, the hackers will!"
Michael Howard, Microsoft
co-author of Writing Secure Code

HOW TO BREAK SOFTWARE SECURITY
Effective Techniques for Application Security Testing 

This book describes 19 focused testing attacks that can be mounted against various applications to expose security vulnerabilities caused by software dependencies, data-dependent weaknesses in software, application design flaws, and implementation-related vulnerabilities. It asks and answers questions such as: How do you find security bugs in software? What models exist to assess risk and think about security bugs? Why does testing routinely miss security bugs? What software testing tools will help me?


Team Development with Visual Studio Team Foundation Server

This guide shows you how to make the most of Team Foundation Server. It starts with the end in mind, but shows you how to incrementally adopt TFS for your organization. It's a collaborative effort between patterns & practices, Team System team members, and industry experts.


HOW TO BREAK WEB SOFTWARE
Functional and Security Testing of Web Applications and Web Services

In this book, two renowned experts address every category of Web software exploit: attacks on clients, servers, state, user inputs, and more. You’ll master powerful attack tools and techniques as you uncover dozens of crucial, widely exploited flaws in Web architecture and coding. The authors reveal where to look for potential threats and attack vectors, how to rigorously test for each of them, and how to mitigate the problems you find. Whether you’re a developer, tester, QA specialist, or IT manager, this book will help you protect that software–systematically.
 


IMPROVING WEB SERVICES SECURITY
Scenarios and Implementation Guidance for WCF

This guide shows you how to make the most of WCF (Windows Communication Foundation). With end-to-end application scenarios, it shows you how to design and implement authentication and authorization in WCF. Learn how to improve the security of your WCF services through prescriptive guidance including guidelines, Q&A, practices at a glance, and step-by-step how-tos. It's a collaborative effort between patterns & practices, WCF team members, and industry experts. This guide is related to our WCF Security Guidance Project.
 

THE SOFTWARE VULNERABILITY GUIDE

Many developers are not familiar with the techniques needed to write secure code or detect existing vulnerabilities. The Software Vulnerability Guide focuses on the origin of most software vulnerabilities, including the bugs in the underlying software used to develop IT infrastructures and the Internet. Most of these security bugs (and the viruses, worms, and exploits that derive from them) started out as programmer mistakes. With this easy-to-use guide, programmers and testers will learn how to recognize and prevent these vulnerabilities before their software reaches the market.



HOW TO BREAK SOFTWARE

A Methodology for Effective Software Testing 

This book is a practical tutorial on how to actually do testing. It presents numerous 'attacks' you can perform to test your software for bugs and includes a 17-step methodology to test software effectively and efficiently. It asks and answers questions such as: How do good testers actually do testing? What models exist to guide my testing? How do I develop an insight for where bugs are hiding? What software testing tools will help me?


 
